Cybersecurity and Privacy Applications

Cybersecurity and privacy are important to the nation and its citizens. The Cybersecurity and Privacy Applicants Group addresses critical needs for new and existing technology. The National Institute of Standards and Technology (NIST) develops, integrates and promotes standards and guidelines to meet established standards for cybersecurity privacy needs.

Our Cybersecurity Framework consists of standards, guidelines and best practices to manage cybersecurity risks. The Framework is a flexible, cost-effective, voluntary program that promotes the protection and resilience of the nation’s critical infrastructure.

We focus on protecting the country’s infrastructure. The Industry Control System (ICS) detects security incidents; restriction of physical and logical access; and protects infrastructures from being exploited. NIST provides guidance on how to secure ICS, identify threats and recommends ways to mitigate risks.

Through our Privacy Engineering Program (PEP), we research the trustworthiness of cyber technology and the ways in which it is incorporated into society. PEP applies measurement science and system engineering principles to the creation of frameworks, risk models, tools and standards that protect privacy and civil liberties.

Our Public Safety Communications Research (PSCR) supports the public safety community’s goal to create a nationwide broadband network. This network would allow public safety officials to react in real-time and share information. PSCR conducts research in network interface and data security officials with practical, usable cybersecurity tools to meet their current and future needs.

We collaborate with the Small Business Administration and the Federal Bureau of Investigation to provide training for small and medium-sized businesses. Businesses of this size rely on information technology (IT) for storing, process and transmitting critical information needed for day-to-day operations. Unlike large corporations, small and medium-sized businesses cannot justify a full-time IT staff. With limited resources and budgets, these businesses need information security solutions, as well as practical and cost-effective training to address their information security risks.

Our NIST Smart Grid Testbed facility addresses the challenges of smart grid cybersecurity and maintaining the nation’s electrical grid. Smart grid solutions must protect against inadvertent compromises of the electric infrastructure, user errors, equipment failure, natural disasters or deliberate attacks. We work with the Smart Grid Interoperability Panel Cybersecurity Committee to evaluate cybersecurity policies and measures, industry standards, and develop relevant guidance documents for smart grid cyber professionals. The Cybersecurity for Smart Grid Systems program promotes technology transfer of best practices; standards and voluntary guidance; and research in the areas of applied cryptography and cybersecurity for grids. Our project provides foundational cybersecurity guidance; reviews recommendations for standards and requirements; outreach; and fosters collaboration amongst the smart grid cyber community.

Finally, we provide technical support for the Election Assistance Commission and the Technical Guidelines Development Committee in efforts to upgrade voting equipment around the nation. We lend our expertise on matters involving human factors, security and laboratory accreditation. We research security issues in voting systems and identify standards, guidelines and technology to improve the security of those systems.